I'm building an identity service using PKI and MTLS for authentication.
I use AWS ACM PCA for private certificate authority and AWS KMS for key pairs.
I use the private key created by KMS to sign the Certificate Signing Request that's sent to PCA for creating a client certificate.
The client certificate is then bundled together with the CA certificate chain and the private key in PKCS#12 format and returned to the user which is used to authenticate the user.
We also want the user to be able to sign data, e.g. a json string a PDF file e.t.c.
According to KMS documentation they recommend different types of keys for signing and encryption.
So, do I need different certificates for signing data and if so, what's the point of the signing certificate if the data is signed with the private key and the authentication is made with the client certificate?
We want to be able to authenticate the user using one certificate which is not protected by a password and require password for signing, so I guess we need different PKCS#12 stores?
Related
I wish to secure an API with OAuth 2.0 Mutual TLS Client Authentication. Here the client will send its certificate to the OAuth server(servlet). I want to generate a certificate bounded access token with the client certificate. I referred to this documentation: https://www.rfc-editor.org/rfc/rfc8705.html. I have understood how this authentication works but I practically don't know how to store the client certificate hash in the JSON Web Key.
Can anyone tell what the contents should the client certificate contain and how to make a certificate hash and create JSON Web Keys to store the hash and how can I validate the client with both client certificate and certificate bounded access token in the return request to the resource server(API).
If there any methods or ways of doing this please suggest them.
I'm looking for USB token solution for asymmetrical decryption purpose. The server has encrypted sensitive data with periodically rotating data encryption key (DEK), which is stored alongside with the encrypted data, encrypted itself with pre-distributed public key of the USB token (KEK).
The user (web browser client) logins to the single page application with username and password. User then inserts the USB token, which will trigger the following sequence:
Retrieve the encrypted DEK's from the server
Decrypt the DEK's with USB token private key
Retrieve the data from the server with the DEK's
I have looked into solutions like Yubikey, but it seems to be more focused on the user authentication than cipher services. What is the correct product to implement hardware based cipher in portable format? Expensive HSM is out of question, as multiple users should posses an instance of the portable token. Also, each instance should contain the same private key.
Nice idea, however you are having a few issues
Decrypt the DEK's with USB token private key
Currently no browser supports using decrypting by pkcs#11 (smart card or usb token keystore protocol) directly.
The browsers can use a stored keypair to authenticate and that's it. (if I missed something, please correct me).
Though you could use some local utility(non-web) to decrypt using a smartcard (gpg, openssl,...)
Also, each instance should contain the same private key.
Most of the serious smart cards allow generating a new private key, but you not importing own key material (at least the ones I had). So it is difficult to create multiple smart cards with the same keypair
What you could do is encrypt the DEK for a set of public keys
How is X.509 certificate for a confidential identity signed? Does the node signs it with it's node certificate? Or is it signed with node's well-known signing identity?
How is it avoided that the certification chain can not be followed back from the signature created by the confidential signing identity? For instance, in the cash usecase where historic states back to the issuer have to be presented in order to be able to validate cash transactions.
The node's well-known identity issues and signs certificates for each one of its confidential identities.
It only shares the certificate chain linking a confidential identity back to its well-known identity on a need-to-know basis.
If a node inspects a transaction chain where a confidential identity has been used for which they have not received the certificate chain, the node will simply see an anonymous public key that they cannot link to a well-known identity.
Sorry for my bad English. I have read about Security and understood how RSA work.
But how can RSA keep Authentication, a man in middle can use public key and fake message back. And how it keep Non-repudiation, someone who send you a message encrypted by public key can say that it is not from him and it is faked?
There is some math behind RSA PKI (public key infrastructure) but I will try to keep it simple. Though this scenario is described in many other sites and questions/answers. What exacly you don't understand?
The idea is, that it is easy to encrypt with the public key, but not possible to decrypt. The decryption is possible only with the private key.
Seems your question is aiming somewhere else. What you are missing (and is not part of the RSA itself) are certificates. Certificates may use RSA. A certificate is information about a holder of the public key. Still - there is a problem. If an entity (person, website) provides you a certificate, how can you be sure the cretificate really belongs to the website, person or organization?
That's why there is defined term Certificate Authority (CA) - there are organizations which you (or your browser) should trust.
So when a website creates its RSA keypair, some certificate authority issues a signed certificate (bound to the public key) that the certificate is really from the website, person or organization.
a man in middle can you public key and fake message back.
Your client (browser, application) must have a list of trusted Certificate Authorities. Usually it is already stored in your system. So the real web page can provide its public key and certificate and use encryption based on the public key. The browser checks that the certificate is valid and it is issued by a trusted authority.
The "man in the middle" would not be able to provide valid and trusted (signed by CA) certificate.
And how it keep Non-repudiation, someone who send you a
message encrypted by public key can say that it is not
from him and it is faked?
The same comes to the signing. Once data are signed (or authenticated) using the private key, the signature can be validated by anyone using the public key. A certificate is bound to the public key. Usualy the signing certificate is issued only when identity is verified by the certificate authority (for example for electronic ID cards, code signing certificates, ..). So anyone could verify the signature was created by someone who was verified by a trusted authority.
I am trying to use BouncyCastle (1.52) on Java to create a CA certificate and then issue a client certificate from that.
I have managed to do so using the class X509v3CertificateBuilder however that class only takes the X500Name of the issuer and the private key which means no validation seems to be performed on whether the certificate being used to generate/sign the client certificate is even allowed to do so. This allow me to do things like signing a client certificate with another client certificate (BasicConstraint extension set to false) or with a certificate which does not have the correct KeyUsage extension.
Is there some class which performs all these validations upon signing in BC or is that something left to be implemented by the user?